ioquatix-account_engine 0.1.0

data/rails/app/models/permission.rb

@@ -0,0 +1,129 @@
+# Copyright (c) 2005 James Adam
+#
+# This is the MIT license, the license Ruby on Rails itself is licensed 
+# under.
+#
+# Permission is hereby granted, free of charge, to any person obtaining 
+# a copy of this software and associated documentation files (the 
+# "Software"), to deal in the Software without restriction, including 
+# without limitation the rights to use, copy, modify, merge, publish, 
+# distribute, sublicense, and/or sell copies of the Software, and to permit
+# persons to whom the Software is furnished to do so, subject to the 
+# following conditions:
+#
+# The above copyright notice and this permission notice shall be included 
+# in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+# OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 
+# IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY 
+# CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, 
+# TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE
+# OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 
+
+
+
+# The Permission class is simply a database representation of each
+# controller/action pair. The association between a Role and a Permission
+# instance indicates that such a Role is authorised to call the
+# controller/action pair which that Permission represents.
+class Permission < ActiveRecord::Base
+  
+  set_table_name AccountEngine.permissions_table
+  has_and_belongs_to_many :roles, :join_table => AccountEngine.permissions_roles_table
+
+  validates_presence_of :controller, :action
+  
+  def self.by_controller(permissions=nil)
+    # split it up into controllers
+    actions = {}
+    permissions ||= self.find(:all)
+    
+    permissions.each do |p|
+      actions[p.controller] ||= []
+      actions[p.controller] << p
+    end
+    
+    return actions
+  end
+  
+  def self.inverse(controller, perms)
+    self.find(:all, :conditions => ['controller = ? and id not in (?)', controller, perms.map(&:id)])
+  end
+  
+  #--
+  # Class methods
+  #++
+  class << self 
+    
+    def for(controller, action)
+      find :first, :conditions => ['controller = ? and action = ?', controller, action]
+    end
+    
+    # Ensure that the table has one entry for each controller/action pair
+    def synchronize_with_controllers
+      # We need a set for mark/sweep
+      require 'set'
+
+      # weird hack. otherwise ActiveRecord has no idea about the superclass of any
+      # ActionController stuff...
+      require RAILS_ROOT + "/app/controllers/application"
+
+      # Load all the controller files
+      controller_files = Dir[RAILS_ROOT + "/app/controllers/**/*_controller.rb"]
+
+      # should we check to see if this is defined? I.E. will this code ever run
+      # outside of the framework environment...?
+      controller_files += Dir[RAILS_ROOT + "/vendor/plugins/*/app/controllers/**/*_controller.rb"]
+
+      # Search external plugins if needed. This supports gems.
+      if defined? Engines.plugins
+        Engines.plugins.each do |plugin|
+          plugin.code_paths.each do |path|
+            controller_files += Dir[File.join(path, "/**/*_controller.rb")]
+          end
+        end
+      end
+
+      logger.info "Controller files: " + controller_files.inspect
+
+      # we need to load all the controllers...
+      controller_files.each do |file_name|
+        require file_name #if /_controller.rb$/ =~ file_name
+      end
+
+      # Find the actions in each of the controllers, 
+      
+      marked = Set.new
+      
+      ApplicationController.all_controllers.collect do |controller|
+        controller.new.action_method_names.each { |action|
+          perms = find_all_by_controller_and_action(controller.controller_path, action)
+          
+          if perms.empty?
+            marked << self.create(:controller => controller.controller_path, :action => action, :system => true).id
+          else
+            perms.each { |p| marked << p.id }
+          end
+        }
+      end
+      
+      # Destroy all unmarked system permissions
+      self.find(:all, :conditions => ['system = ?', true]).each do |p|
+        p.destroy unless marked.include?(p.id)
+      end
+    end
+
+    #--
+    # A shorthand alias
+    #++
+    alias :sync :synchronize_with_controllers
+  
+  end
+  
+  # Returns the full path which this Permission object represents
+  def path
+    [controller, action].join("/")
+  end
+end

data/rails/app/models/role.rb

@@ -0,0 +1,60 @@
+# Copyright (c) 2005 James Adam
+#
+# This is the MIT license, the license Ruby on Rails itself is licensed 
+# under.
+#
+# Permission is hereby granted, free of charge, to any person obtaining 
+# a copy of this software and associated documentation files (the 
+# "Software"), to deal in the Software without restriction, including 
+# without limitation the rights to use, copy, modify, merge, publish, 
+# distribute, sublicense, and/or sell copies of the Software, and to permit
+# persons to whom the Software is furnished to do so, subject to the 
+# following conditions:
+#
+# The above copyright notice and this permission notice shall be included 
+# in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+# OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 
+# IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY 
+# CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, 
+# TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE
+# OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 
+
+
+
+# The Role class represents an abstract set of allowable behaviours within
+# an application. Each Role is associated with a number of Permissions (or
+# controller/action objects), and such associations indicate what actions
+# users using this application are allowed to perform.
+class Role < ActiveRecord::Base
+  has_and_belongs_to_many :users, :class_name => "User", :join_table => AccountEngine.users_roles_table
+  has_and_belongs_to_many :permissions, :join_table => AccountEngine.permissions_roles_table
+
+  validates_length_of :name, :minimum => 3
+  validates_uniqueness_of :name
+  
+  def permissions_by_controller
+    Permission.by_controller permissions
+  end
+  
+  # there can only be one omnipotent role.
+  def validate_on_create
+    if self.omnipotent? && Role.find_by_omnipotent(true)
+      errors.add_to_base("There can only be one omnipotent role.")
+    end
+  end
+  
+  set_table_name AccountEngine.roles_table
+  
+  def destroy
+    if self.system?
+      raise AccountEngine::SystemProtectionError.new("Cannot destroy a system role " +
+              " (#{AccountEngine.guest_role_name}, #{AccountEngine.user_role_name}," +
+              " or #{AccountEngine.admin_role_name})")
+    else
+      super
+    end
+  end
+end

data/rails/app/models/user.rb

@@ -0,0 +1,5 @@
+class User < ActiveRecord::Base
+  include AccountEngine::UserAccount
+  
+end
+

data/rails/app/models/user_notify.rb

@@ -0,0 +1,75 @@
+class UserNotify < ActionMailer::Base
+  def signup(user, password, url=nil)
+    setup_email(user)
+
+    # Email header info
+    @subject += "Welcome to #{AccountEngine.app_name}!"
+
+    # Email body substitutions
+    @body["name"] = user.fullname
+    @body["login"] = user.login
+    @body["password"] = password
+    @body["url"] = url || AccountEngine.app_url.to_s
+    @body["app_name"] = AccountEngine.app_name.to_s
+  end
+
+  def forgot_password(user, url=nil)
+    setup_email(user)
+
+    # Email header info
+    @subject += "Forgotten password notification"
+
+    # Email body substitutions
+    @body["name"] = user.fullname
+    @body["login"] = user.login
+    @body["url"] = url || AccountEngine.app_url.to_s
+    @body["app_name"] = AccountEngine.app_name.to_s
+  end
+
+  def change_password(user, password, url=nil)
+    setup_email(user)
+
+    # Email header info
+    @subject += "Changed password notification"
+
+    # Email body substitutions
+    @body["name"] = user.fullname
+    @body["login"] = user.login
+    @body["password"] = password
+    @body["url"] = url || AccountEngine.app_url.to_s
+    @body["app_name"] = AccountEngine.app_name.to_s
+  end
+
+  def pending_delete(user, url=nil)
+    setup_email(user)
+
+    # Email header info
+    @subject += "Delete user notification"
+
+    # Email body substitutions
+    @body["name"] = user.fullname
+    @body["url"] = url || AccountEngine.app_url.to_s
+    @body["app_name"] = AccountEngine.app_name.to_s
+    @body["days"] = AccountEngine.delayed_delete_days.to_s
+  end
+
+  def delete(user, url=nil)
+    setup_email(user)
+
+    # Email header info
+    @subject += "Delete user notification"
+
+    # Email body substitutions
+    @body["name"] = user.fullname
+    @body["url"] = url || AccountEngine.app_url.to_s
+    @body["app_name"] = AccountEngine.app_name.to_s
+  end
+
+  def setup_email(user)
+    @recipients = user.email.to_s
+    @from       = AccountEngine.email_from.to_s
+    @subject    = "#{AccountEngine.app_name}: "
+    @sent_on    = Time.now
+    @headers['Content-Type'] = "text/plain; charset=#{AccountEngine.mail_charset}; format=flowed"
+  end
+end

data/rails/app/views/account/_form.rhtml

@@ -0,0 +1,8 @@
+<% f.fieldset do %>
+	<%= f.error_messages %>
+	
+	<%= f.text_field :email %>
+	<%= f.password_field :password %>
+	
+	<%= f.submit %>
+<% end %>

data/rails/app/views/account/change_password.rhtml

@@ -0,0 +1,17 @@
+<div title="<%= title_helper %>" class="form">
+  <h3>Change Password</h3>
+
+  <%= error_messages_for 'user' %>
+
+  <div class="form-padding">
+    <p>Enter your new password in the fields below and click 'Change Password' to have a new password sent to your email inbox.</p>
+
+    <%= start_form_tag :action => 'change_password' %>
+      <%= render_partial 'password', :user => @user, :submit => false %>
+      <div class="button-bar">
+        <%= submit_tag 'Change password' %>
+        <%= link_to 'Cancel', :action => 'home' %>
+      </div>
+    <%= end_form_tag %>
+  </div>
+</div>

data/rails/app/views/account/edit.rhtml

@@ -0,0 +1,5 @@
+<h1>Change my account details</h1>
+
+<% table_form_for @user, account_path do |f| %>
+	<%= f.render_form %>
+<% end %>

data/rails/app/views/account/forgot_password.rhtml

@@ -0,0 +1,12 @@
+<h1>Forgotten Password</h1>
+
+	<%= error_messages_for 'user' %>
+	
+	<p>Enter your email address in the field below and click 'Reset Password' to have instructions on how to retrieve your forgotten password emailed to you.</p>
+	
+	<%= start_form_tag_helper %>
+		<label>Email Address:</label> <%= text_field_tag("email", "", "size" => 30) %>
+		
+		<%= submit_tag 'Submit request' %>
+	<%= end_form_tag %>
+</div>

data/rails/app/views/account/home.rhtml

@@ -0,0 +1,3 @@
+<h1>Welcome <%= @user.fullname %></h1>
+
+<%= link_to '&#171; logout', :action => 'logout' %>

data/rails/app/views/account/login.rhtml

@@ -0,0 +1,27 @@
+<h1>Please Login</h1>
+
+<% form_tag({:action => 'login'}, {:id => :login}) do %>
+	<table>
+		<% if flash[:login] %>
+		<tr>
+			<td><%= flash[:login] %></td>
+		</tr>
+		<% end %>
+		<tr>
+			<td>Username</td><td><%= text_field_tag "login", @login %></td>
+		</tr>
+		<tr>
+			<td>Password</td><td><%= password_field_tag "password" %></td>
+		</tr>
+		<tr>
+			<td colspan="2">
+				<% if AccountEngine.allow_registration? %>
+				<%= link_if_authorized 'Register for an account', :action => 'signup' %> |
+				<%= link_if_authorized 'Forgot my password', :action => 'forgot_password' %>
+				<% end %>
+				<%= submit_tag 'Login' %>
+			</td>
+		</tr>
+	</table>
+<% end %>
+

data/rails/app/views/account/logout.rhtml

@@ -0,0 +1,8 @@
+<div title="<%= title_helper %>" class="memo">
+  <h3>Logoff</h3>
+
+  <p>You are now logged out of the system...</p>
+
+  <%= link_to '&#171; login', :action => 'login' %>
+</div>
+

data/rails/app/views/account/signup.rhtml

@@ -0,0 +1,28 @@
+<h1>New User</h1>
+
+<%= error_messages_for 'user' %>
+
+<%= start_form_tag :action => 'register' %>
+	<table>
+		<tr>
+			<td>Login Name</td><td><%= text_field_tag "login", @login %></td>
+		</tr>
+		<tr>
+			<td>Email</td><td><%= text_field_tag "email", @email %></td>
+		</tr>
+		<tr>
+			<td>Password</td><td><%= password_field_tag "password", @password, {:onkeyup => "javascript:checkPasswords()", :id => "password"} %></td>
+		</tr>
+		<tr>
+			<td>Repeat Password</td>
+			<td id="passwordErrorStatus">
+				<%= password_field_tag "password", @password, {:onkeyup => "javascript:checkPasswords()", :id => "passwordCopy"} %>
+			</td>
+		</tr>
+		<tr>
+			<td colspan="2">
+				<%= submit_tag "Register", {:id => "passwordChangeButton"} %>
+			</td>
+		</tr>
+	</table>
+<%= end_form_tag %>

data/rails/app/views/permissions/_form.rhtml

@@ -0,0 +1,14 @@
+<% f.fieldset do %>
+	<%= f.error_messages %>
+	
+	<%= f.text_field :controller %>
+	<%= f.text_field :action %>
+	
+	<%= f.text_field :description %>
+	
+	<% if @permission.system? %>
+		<%= "(This is a system role. Changes may not be retained across resync)" %>
+	<% end %>
+	
+	<%= f.submit %>
+<% end %>

data/rails/app/views/permissions/_list.rhtml

@@ -0,0 +1,38 @@
+<table id="permission_list" class="listing">
+	<thead>
+		<tr>
+			<th>Controller</th>
+			<th> </th>
+			<th>Action</th>
+			<th> </th>
+			<th>Roles</th>
+		</tr>
+	</thead>
+	<tfoot>
+		<tr>
+			<td colspan="5">
+				<%= link_if_authorized icon_tag(:create) + ' New permission', :controller => 'permissions', :action => 'new' %> | 
+				<%= link_if_authorized icon_tag(:sync) + ' Resynchronize Permissions', :controller => 'permissions', :action => 'resync' %>
+			</td>
+		</tr>
+	</tfoot>
+	<tbody>
+	<% controller = nil %>
+	<% for permission in permissions %>
+		<tr>
+			<td><%= permission.controller.humanize if permission.controller != controller %></td>
+			<% if permission.system? %>
+				<td><%= icon_tag ('system') %></td>
+				<td><%= permission.action %></td>
+				<td></td>
+			<% else %>
+				<td></td>
+				<td><%= link_if_authorized permission.action.humanize, :controller => 'permissions', :action => :edit, :id => permission.id %></td>
+				<td><%= link_if_authorized icon_tag ('destroy'), {:controller => 'permissions', :action => 'destroy', :id => permission.id}, :post => true %></td>
+			<% end %>
+			<td><%= permission.roles.collect{ |role| link_if_authorized role.name, :controller => 'roles', :action => 'show', :id => role.id }.join(', ') %></td>
+		</tr>
+	<% controller = permission.controller %>
+	<% end %>
+	</tbody>
+</table>

data/rails/app/views/permissions/edit.rhtml

@@ -0,0 +1,5 @@
+<h1>Edit permission</h1>
+
+<%= start_form_tag :action => 'update' %>
+  <%= render_partial "form" %>
+<%= end_form_tag %>

data/rails/app/views/permissions/index.rhtml

@@ -0,0 +1,3 @@
+<h1>Listing Permissions</h1>
+
+<%= render :partial => 'list', :locals => {:permissions => @permissions} %>

data/rails/app/views/permissions/new.rhtml

@@ -0,0 +1,5 @@
+<h1>New permission</h1>
+
+<%= start_form_tag :action => 'create' %>
+  <%= render_partial "form" %>
+<%= end_form_tag %>

data/rails/app/views/roles/_form.rhtml

@@ -0,0 +1,8 @@
+<% f.fieldset do %>
+	<%= f.error_messages %>
+	
+	<%= f.text_field :name %>
+	<%= f.text_area :description %>
+	
+	<%= f.submit %>
+<% end %>

data/rails/app/views/roles/_permissions.rhtml

@@ -0,0 +1,25 @@
+<table id="permission_list" class="listing">
+	<thead>
+		<tr>
+			<% actions.each_key do |c| %>
+				<th width="<%= 100.0 / actions.size %>%"><%= c.humanize %></th>
+			<% end %>
+		</tr>
+	</thead>
+	<tbody>
+		<tr class="granted">
+			<% actions.each_key do |c| %>
+			<td>
+				<%= actions[c].collect{ |p| link_if_authorized(icon_tag(:remove_permission), {:controller => 'roles', :action => 'remove_permission', :id => @role.id, :permission => p.id}, :method => :post) + p.action.humanize }.join("<br/>") %>
+			</td>
+			<% end%>
+		</tr>
+		<tr class="unassigned">
+			<% actions.each_key do |c| %>
+			<td>
+				<%= Permission.inverse(c, actions[c]).collect{ |p| link_if_authorized(icon_tag(:add_permission), {:controller => 'roles', :action => 'add_permission', :id => @role.id, :permission => p.id}, :method => :post) + p.action.humanize }.join("<br/>") %>
+			</td>
+			<% end%>
+		</tr>
+	</tbody>
+</table>

data/rails/app/views/roles/edit.rhtml

@@ -0,0 +1,5 @@
+<h1>Editing role '<%= @role.name %>'</h1>
+
+<% table_form_for :role, :url => {:action => :update, :id => @role} do |f| %>
+	<%= f.render_form %>
+<% end %>

data/rails/app/views/roles/index.rhtml

@@ -0,0 +1,34 @@
+<h1>Listing Roles</h1>
+
+<table class="listing">
+	<thead>
+		<tr>
+			<th>Name</th>
+			<th> </th>
+			<th></th><th></th>
+			<th>Description</th>
+			<th>Users</th>
+		</tr>
+	</thead>
+	<tfoot>
+		<tr>
+			<td colspan="6">
+				<%= link_if_authorized icon_tag(:create) + ' New Role', new_role_path %>
+			</td>
+		</tr>
+	</tfoot>
+	<tbody>
+		<% @roles.each do |r| %>
+		<tr>
+			<td><%= link_if_authorized r.name, :action => 'show', :id => r.id %></td>
+			<td><%= link_if_authorized icon_tag('edit'), :action => 'edit', :id => r.id %></td>
+			<td><%= icon_tag ('system') if r.system? %></td>
+			<td><%= icon_tag ('omnipotent') if r.omnipotent? %></td>
+			<td><%= r.description %></td>
+			<td><%= r.users.collect { |u| link_if_authorized u.fullname, :controller => 'users', :action => 'roles', :id => u.id }.join (", ") %></td>
+		</tr>
+		<% end %>
+	</tbody>
+</table>
+
+<%= will_paginate @roles %>

data/rails/app/views/roles/new.rhtml

@@ -0,0 +1,5 @@
+<h1>New role</h1>
+
+<% table_form_for :role, :url => {:action => :create} do |f| %>
+	<%= f.render_form %>
+<% end %>

data/rails/app/views/roles/show.rhtml

@@ -0,0 +1,20 @@
+<h1>Role: <%= @role.name %></h1>
+
+<h2>Description</h2>
+
+<p><%=h @role.description %> (<%= link_if_authorized 'Edit', :action => 'edit', :id => @role.id %>)</p>
+
+<h2>Users</h2>
+<ul id="role_user_list" class="property_list">
+	<% @role.users.each do |user| %>
+	<li>
+    	<%= link_if_authorized user.fullname, {:controller => "users", :action => "roles", :id => user.id}, {:show_text => true, :title => user.login } %>
+	</li>
+	<% end %>
+</ul>
+
+<h2>Permissions</h2>
+<% @actions.keys.sort.in_groups_of(4) do |controllers| %>
+	<% actions = @actions.dup.delete_if { |k,v| !controllers.include? k } %>
+	<%= render :partial => 'permissions', :locals => {:role => @role, :actions => actions} %>
+<% end %>

data/rails/app/views/user_notify/change_password.rhtml

@@ -0,0 +1,10 @@
+Dear <%= @name %>,
+
+At your request, <%= @app_name %> has changed your password. If it was not at your request, then you should be aware that someone has access to your account and requested this change.
+
+Your new login credentials are:
+
+  login:    <%= @login %>
+  password: <%= @password %>
+ 
+<%= @url %>

data/rails/app/views/user_notify/delete.rhtml

@@ -0,0 +1,5 @@
+Dear <%= @name %>,
+
+At your request, <%= @app_name %> has permanently deleted your account.
+ 
+<%= @url %>

data/rails/app/views/user_notify/forgot_password.rhtml

@@ -0,0 +1,11 @@
+Dear <%= @name %>,
+
+At your request, <%= @app_name %> has sent you the following URL so that you may reset your password. If it was not at your request, then you should be aware that someone has entered your email address as theirs in the forgotten password section of <%= @app_name %>.
+
+Please click on the following link to go to the change password page:
+
+<a href="<%= @url%>">Click me!</a>
+ 
+It's advisable for you to change your password as soon as you login. It's as simple as navigating to 'Preferences' and clicking on 'Change Password'.
+
+<%= @url %>

data/rails/app/views/user_notify/pending_delete.rhtml

@@ -0,0 +1,9 @@
+Dear <%= @name %>,
+
+At your request, <%= @app_name %> has marked your account for deletion. If it was not at your request, then you should be aware that someone has access to your account and requested this change.
+
+The following link is provided for you to restore your deleted account. If you click on this link within the next <%= @days %> days, your account will not be deleted. Otherwise, simply ignore this email and your account will be permanently deleted after that time.
+
+<a href="<%= @url%>">Click me!</a>
+ 
+<%= @url %>

data/rails/app/views/user_notify/signup.rhtml

@@ -0,0 +1,12 @@
+Welcome to <%= @app_name %>, <%= @name %>.
+
+Your login credentials are:
+
+  login:    <%= @login %>
+  password: <%= @password %>
+
+Please click on the following link to confirm your registration:
+
+<a href="<%= @url%>">Click me!</a>
+
+<%= @url %>

data/rails/app/views/users/_form.rhtml

@@ -0,0 +1,12 @@
+<% f.fieldset do %>
+	<%= f.error_messages %>
+	<%= f.text_field :login %>
+	<%= f.text_field :email %>
+	
+	<%= f.text_field :password %>
+	
+	<%= f.check_box :verified %>
+	<%= f.check_box :deleted %>
+	
+	<%= f.submit %>
+<% end %>

data/rails/app/views/users/edit.rhtml

@@ -0,0 +1,5 @@
+<h1>Edit User</h1>
+
+<% table_form_for :user, :url => {:action => :update, :id => @user} do |f| %>
+	<%= f.render_form %>
+<% end %>